2939 Commits

Author SHA1 Message Date
Tom Hvitved
29fb23e6a4 C#: Add flow summaries for System.[Value]Tuple 2020-10-09 13:38:30 +02:00
Tom Hvitved
ca4e5014ae C#: Include compiler-generated array lengths in the CFG 2020-10-08 10:35:50 +02:00
Tom Hvitved
ce8567c64a Merge pull request #4293 from hvitved/csharp/cfg/assertions
C#: Model assertions in the CFG
2020-10-08 10:32:13 +02:00
Tom Hvitved
b70f5bc954 Merge pull request #4433 from hvitved/csharp/dataflow/switch-expr
C#: Add missing data-flow for switch expressions
2020-10-08 09:13:43 +02:00
Anders Schack-Mulligen
cb00f8bcc4 Merge pull request #4362 from tamasvajk/feature/sign-analysis-cleanup
Sign analysis cleanup
2020-10-08 09:10:04 +02:00
Tamás Vajk
06f1c898dc Merge pull request #4349 from tamasvajk/feature/modulus-analysis
ModulusAnalysis shared between C# and Java
2020-10-07 21:21:20 +02:00
Tom Hvitved
31816af11e C#: Add missing data-flow for switch expressions 2020-10-07 17:10:29 +02:00
Tamas Vajk
4df6a41616 ModulusAnalysis shared between C# and Java 2020-10-07 16:12:24 +02:00
Tom Hvitved
af36718dc6 C#: QL doc adjustments 2020-10-07 15:15:18 +02:00
Tamas Vajk
d2d8d009eb Sync Bound between C# and Java 2020-10-07 11:43:30 +02:00
Tamas Vajk
94dc11c45a Revert getNonIntegerValue unification 2020-10-07 10:56:01 +02:00
Tamás Vajk
8d09885ae6 Merge pull request #4378 from tamasvajk/feature/flow-summary-nullable
Flow summary nullable
2020-10-06 11:45:41 +02:00
Tom Hvitved
6bd355784a Merge pull request #4353 from hvitved/csharp/dataflow/task-precise
C#: Precise data-flow for `System.Threading.Tasks`
2020-10-06 10:45:19 +02:00
Tamas Vajk
faf663a334 C#: Flow summary for Nullable<T> 2020-10-06 09:03:49 +02:00
Tom Hvitved
c39bca5240 C#: Model data-flow for System.Threading.Tasks.Task<T>.GetAwaiter() 2020-10-05 17:15:54 +02:00
Tamas Vajk
3b70064606 C#: Improve data flow summary for System.Lazy<> 2020-10-05 14:45:14 +02:00
Tom Hvitved
c0b251ad9e C#: Precise data-flow for System.Threading.Tasks 2020-10-03 11:13:45 +02:00
Alexander Eyers-Taylor
30ed6a0dac Merge pull request #4385 from aibaars/drop-queries
Drop 'tech-inventory' and 'code duplication' queries from the standard query suites
2020-10-02 18:31:25 +01:00
Tom Hvitved
1a93090778 C#: Improve guards SSA logic in the context of control-flow splitting 2020-10-02 18:00:34 +02:00
Tom Hvitved
f1d6f7cd0c C#: Model assertions in the CFG 2020-10-02 17:56:41 +02:00
Arthur Baars
daa1bcc06e Also mark 'tech inventory' queries as deprecated 2020-10-02 17:23:11 +02:00
Arthur Baars
fc45b6cd3c Drop 'tech-inventory' and 'code duplication' queries from the standard query suites 2020-10-02 17:22:04 +02:00
Tom Hvitved
55d25d90fa Merge pull request #4386 from hvitved/csharp/remove-deprecated-queries
C#: Remove deprecated external queries
2020-10-02 15:12:33 +02:00
Chris Smowton
aa707e9370 Merge pull request #4381 from smowton/smowton/admin/fix-owasp-broken-links
Fix OWASP broken links
2020-10-02 08:51:36 +01:00
Tamas Vajk
1cf3196b61 Fix additional PR review findings 2020-10-02 09:12:13 +02:00
Tamas Vajk
01de550ef8 Make predicates private 2020-10-02 09:12:13 +02:00
Tamas Vajk
f52cf264ec Refactor specificSubExprSign 2020-10-02 09:12:13 +02:00
Tamas Vajk
f03146d12f Refactor fieldSign 2020-10-02 09:12:13 +02:00
Tamas Vajk
21ff1a0445 Address some of the PR review findings 2020-10-02 09:12:13 +02:00
Tamas Vajk
638d0399a8 Java, C#: Refactor explicitSsaDefSign in sign analysis 2020-10-02 09:09:23 +02:00
Tamas Vajk
7545fe74e3 Java, C#: Refactor implicitSsaDefSign in sign analysis 2020-10-02 09:09:23 +02:00
Tamas Vajk
37fc1d6f0f Java, C#: cleanup sign analysis
Add missing QL doc, improve readability
2020-10-02 09:09:23 +02:00
Tom Hvitved
bc68578c8b C#: Remove deprecated external queries 2020-10-01 21:11:47 +02:00
Anders Schack-Mulligen
c027f3bd2b Merge pull request #4324 from tamasvajk/feature/unsigned-sign-analysis
Handle unsigned types in sign analysis (C# and Java)
2020-10-01 15:11:49 +02:00
Chris Smowton
578ea1ae43 Fix OWASP broken links 2020-10-01 13:09:52 +01:00
Tom Hvitved
93edaa75eb Merge pull request #4309 from tamasvajk/feature/enum-value-init
Extract constant value of enum member equal clauses
2020-09-28 16:18:10 +02:00
Tamas Vajk
2bbaa4e173 Handle unsigned types in sign analysis (C# and Java) 2020-09-28 14:46:32 +02:00
Tamas Vajk
3577b27f49 Fix to not report on enum member initialization 2020-09-28 11:04:22 +02:00
Robert Marsh
713bdae77a C++: sync identical files 2020-09-25 13:54:58 -07:00
Anders Schack-Mulligen
3ef3e6e140 Merge pull request #4319 from hvitved/python-java-block-precedes-var
Java/Python: Reduce size of `blockPrecedesVar`
2020-09-24 16:07:49 +02:00
Tamás Vajk
5ab5e75b85 Merge pull request #4255 from fatenhealy/IncreaseInsufficientKeySizeValue
Increase insufficient key size value from 1024 to 2048
2020-09-22 23:06:12 +02:00
Faten Healy
c35a5d120a C#: Increasing required size of RSA key to 2048 2020-09-22 11:09:49 +02:00
Tom Hvitved
71da9045e5 Java/Python: Reduce size of blockPrecedesVar 2020-09-22 11:00:26 +02:00
Tom Hvitved
06dbec78f7 C#: Add Guard::controlsBasicBlock() and simplify Guard::isEquality() 2020-09-21 16:15:12 +02:00
Tamas Vajk
8bf4a4209c C#: Sign analysis
Synced between Java and C# through `identical-files.json`.
2020-09-21 16:15:12 +02:00
Tom Hvitved
d867172d27 Merge pull request #4300 from hvitved/csharp/runtime-checks-bypass-bad-magic
C#: Avoid bad magic in `RuntimeChecksBypass.ql`
2020-09-18 19:40:34 +02:00
Tom Hvitved
aac2e0ebfb C#: Avoid bad magic in RuntimeChecksBypass.ql
Before:

```
[2020-09-18 14:03:57] (2587s) Tuple counts for RuntimeChecksBypass::uncheckedWrite#bbf#antijoin_rhs#1:
                      1270       ~8%     {2} r1 = SCAN RuntimeChecksBypass::uncheckedWrite#bbf#shared AS I OUTPUT I.<1>, I.<0>
                      188197390  ~0%     {3} r2 = JOIN r1 WITH #Callable::Callable::calls_dispred#bfPlus AS R ON FIRST 1 OUTPUT R.<1>, r1.<1>, r1.<0>
                      2425784042 ~1%     {3} r3 = JOIN r2 WITH Expr::Expr::getEnclosingCallable_dispred#ff_10#join_rhs AS R ON FIRST 1 OUTPUT r2.<1>, R.<1>, r2.<2>
                      58         ~9%     {2} r4 = JOIN r3 WITH project#RuntimeChecksBypass::checkedWrite#bfff AS R ON FIRST 2 OUTPUT r3.<0>, r3.<2>
                                         return r4
```

After:

```
[2020-09-18 14:08:48] (5s) Tuple counts for RuntimeChecksBypass::uncheckedWrite#fff#antijoin_rhs:
                      24704473 ~2%      {2} r1 = SCAN DataFlowPublic::localExprFlow#ff AS I OUTPUT I.<1>, I.<0>
                      23784154 ~6%      {4} r2 = JOIN r1 WITH Expr::Expr::getEnclosingCallable_dispred#ff AS R ON FIRST 1 OUTPUT r1.<1>, 28, R.<0>, R.<1>
                      201391   ~2%      {2} r3 = JOIN r2 WITH expressions AS R ON FIRST 2 OUTPUT r2.<2>, r2.<3>
                      23784154 ~0%      {3} r4 = JOIN r1 WITH Expr::Expr::getEnclosingCallable_dispred#ff AS R ON FIRST 1 OUTPUT r1.<1>, R.<0>, R.<1>
                      1065242  ~20%     {2} r5 = JOIN r4 WITH expr_value AS R ON FIRST 1 OUTPUT r4.<1>, r4.<2>
                      1266633  ~16%     {2} r6 = r3 \/ r5
                                        return r6
```
2020-09-18 14:15:30 +02:00
Tom Hvitved
4090859207 C#: Avoid bad magic in UselessUpcast.ql 2020-09-18 12:14:52 +02:00
Tom Hvitved
d095d6b56b Merge pull request #4139 from hvitved/csharp/cfg/foreach-loop-empty
C#: Skip `foreach` loop bodies in the CFG when the iteration expression is empty
2020-09-15 09:30:29 +02:00
Tamás Vajk
d21c101c0d Merge pull request #4041 from tamasvajk/feature/update-roslyn
C#: upgrade Roslyn dependencies to version 3.7
2020-09-14 13:57:36 +02:00